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EXAMINER'S ANSWER 

This is in response to tlie appeal brief filed July 18, 2007 appealing from the Office 
action mailed August 22, 2006. 

(1) Real Party in Interest 

A statement identifying by name the real party in interest is contained in the brief. 

(2) Related Appeals and Interferences 

The examiner is not aware of any related appeals, interferences, or judicial 
proceedings which will directly affect or be directly affected by or have a bearing on the 
Board's decision in the pending appeal. 

(3) Status of Claims 

The statement of the status of claims contained in the brief is correct. 

(4) Status of Amendments After Final 

The appellant's statement of the status of amendments after final rejection 
contained in the brief is correct. 

(5) Summary of Claimed Subject Matter 

The summary of invention contained in the brief is correct. 



Application/Control Number: 10/005,066 Page 3 

Art Unit: 2146 

(6) Grounds of Rejection to be Reviewed on Appeal 

The appellant's statement of the grounds of rejection to be reviewed on appeal is 
correct. 

(7) Claims Appendix 

The copy of the appealed claims contained in the Appendix to the brief is correct. 

(8) Evidence Relied Upon 

The following is a listing of the prior art of record relied upon in the rejection of 
claims under appeal: 

■ Vairavan, (2002/0083344) issued on June 27, 2002. 

■ Wang et al., (6,538,997) issued on March 25, 2003. 

■ Holloway et al., (5,805,801 ) issued on September 08, 1 998. 

(9) Grounds of Rejection 

The following ground(s) of rejection are applicable to the appealed claims: 
1. Claims 13-16, 18-22 and 25-30 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Vairavan, U.S. Patent Application Publication No. 
2002/0083344 (hereinafter Vairavan), in view of Wang et al., U.S. Patent No. 
6,538,997 (hereinafter Wang). 
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2. With respect to claims 22 and 1 3, Vairavan teaches a method of 
managing a network [see abstract and fig.1], said method comprising: 

■ accessing a database of a stored physical topology of said network to obtain 
authorized address at host ports of switches [paragraphs 0074-0084 i.e. a 
security policy database]; 

■ configuring a switch in said network to forward a packet received at a first port 
[120, 125 and 130] if an address associated with said packet is authorized for 
said first port [paragraphs 0054-0060]; 

■ comparing a set of learned addresses against set of expected addresses, 
said learned addresses comprising addresses associated with packets 
processed at a second port [1 15a-g], said expected addresses derived from 
an expected configuration of said network [paragraphs 0059-0060 and 0086- 
0101]. 

However, Vairavan does not explicitly show tracing a topology of said 
network to find a third port where an unexpected address entered said network, 
said third port coupled to a device having a media access control (MAC address) 
that is said unexpected address. 

In a method of managing a network, Wang suggests or discloses tracing a 
topology of said network [i.e. tracing of the computer network, col.1 , lns.1 1 -32 
and col.5, ln.9 - col.6, ln.65] to find a third port where an unexpected address 
entered said network, said third port coupled to a device having a media access 
control (MAC address) [i.e. the determination of which port a particular MAC 
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address is reachable. For example, Wang suggests if ports do not reachable, 
the frame is flooded over all outgoing non-blocked ports, col. 6, Ins. 50-65]. 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Vairavan in view of Wang by tracing 
a topology of said network to find a third port where an unexpected address 
entered said network, said third port coupled to a device having a media access 
control (MAC address) that is said unexpected address because this feature is a 
consequence of the topologies being aligned [Wang, col.6, lns.63-65]. It is for 
this reason that one of ordinary skill in the art at the time of the invention would 
have been motivated in order to gather specific diagnostic information relating to 
a particular path through the switched network [Wang, col.6, lns.20-21]. 

3. With respect to claim 25, Vairavan further teaches said configuring the 
switch further comprises configuring the switch to drop said packet if said 
address is not authorized [paragraph 0132]. 

4. With respect to claims 18 and 26, Vairavan further teaches said 
configuring the switch comprises programming the switch in said network to 
recognize authorized address for said first port [paragraphs 0054-0060]. 

5. With respect to claim 27, Vairavan further teaches said configuring the 
switch further comprises configuring the switch to forward said packet to a host 
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device [215 i.e. system processor] if said address is autliorized for said first port, 
said first port coupled to said host device [paragraphs 0054-0060]. 

6. With respect to claim 28, Vairavan further teaches said method further 
comprising: determining changes in physical topology of said network 
[paragraphs 0060 and 0086-0088]. 

7. With respect to claim 29, Vairavan further teaches said determining 

changes in physical topology comprises comparing a physical description of said 
network with said stored physical topology of said network [paragraphs 0060 and 
0086-0088]. 

8. With respect to claims 30, Vairavan further teaches said address is a 
media access control (MAC) address and wherein said network comprises a 
virtually-wired switching fabric [fig.2]. 

9. With respect to claims 1 4-1 5, Vairavan further teaches said network is a 
virtually-wired switching network [fig.1] and said first port couples switches in said 
network and said second port is couple to a host device [paragraphs 0046-0054]. 



Application/Control Number: 10/005,066 Page 7 

Art Unit: 2146 

1 0. With respect to claim 1 6, Vairavan further teaches said method further 
comprises: taking corrective action at said second port, wherein said second 
port is coupled to a host device [paragraphs 0069-0071]. 

1 1 . With respect to claim 1 9, Vairavan further teaches of said method is 
repeated for each interconnect port in said network, wherein said network 
comprises a plurality of switches [paragraph 0069 and fig.1]. 

12. With respect to claim 20, Vairavan further teaches said method further 
comprises: determining changes in physical topology of said network 
[paragraphs 0059-0060 and 0086]. 

1 3. With respect to claim 21 , Vairavan further teaches of said method 
comprises comparing a physical description of said network with a stored 
physical description of said network [paragraphs 0073-0088]. 

14. Claims 17 and 24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Vairavan in view of Wang as applied to claims 13 and 22 
above, and further in view of Holloway et al., U.S. Patent No. 5,805,801 
(hereinafter Holloway). 
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15. With respect to claims 17 and 24, Vairavan further teaches the method 
further comprising: said network is a virtually-wired switching fabric [fig. 2] and 
said third port is at the edge of said fabric [paragraphs 0068-0070]. 
However, Vairavan does not explicitly show disabling said third port. 

In a method of managing a network, Holloway discloses disabling a port 
[col.3, lns.3-25]. 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Vairavan in view of Wang, and 
further in view of Holloway by disabling the port because this feature not only 
provides for detection of security intrusions, but also provides the proactive 
actions needed to stop the proliferation of security intrusions over the domain 
[Holloway, col.2, lns.41 -45]. It is for this reason that one of ordinary skill in the art 
at the time of the invention would have been motivated in order to filter on their 
respective ports against the intruding unauthorized address [Holloway, see 
abstract]. 

16. Claims 31 -38 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Vairavan in view of Wang, and further in view of Holloway. 

1 7. With respect to claim 31 , Vairavan teaches a network comprising: 
■ a plurality switches [paragraphs 0047-0048]; 
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■ said switches interconnected and configured to control communication 
between a plurality of devices coupled to said network [fig.1]; 

■ a database having stored therein a stored physical topology of said network 
and authorized addresses associated with packets processed at ports of said 
switches, wherein said authorized addresses are based on said stored 
physical topology [paragraphs 0074-0084 i.e. a security policy database]; 

However, Vairavan does not explicitly show a configuration agent that is 
able to program said switches based on said authorized address to detect a 
packet having an unauthorized address; and a management agent that is able to: 
compare addresses learned by said switches against said authorized addresses 
to determine an unauthorized address. 

In a method of managing a network, Wang suggests or discloses tracing a 
topology of said network [i.e. tracing of the computer network, col.1 , lns.1 1 -32 
and col.5, ln.9 - col.6, ln.65] to find a third port where an unexpected address 
entered said network, said third port coupled to a device having a media access 
control (MAC address) [i.e. the determination of which port a particular MAC 
address is reachable. For example, Wang suggests if ports do not reachable, 
the frame is flooded over all outgoing non-blocked ports, col.6, Ins. 50-65]. 

Therefore, it would have been obvious to one of ordinary skill in the art at 
the time of the invention was made to modify Vairavan in view of Wang by tracing 
a topology of said network to find a third port where an unexpected address 
entered said network, said third port coupled to a device having a media access 
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control (MAC address) that is said unexpected address because tliis feature is a 
consequence of the topologies being aligned [Wang, col. 6, Ins. 63-65]. It is for 
this reason that one of ordinary skill in the art at the time of the invention would 
have been motivated in order to gather specific diagnostic information relating to 
a particular path through the switched network [Wang, col. 6, Ins. 20-21]. 

Further, Holloway discloses a configuration agent that is able to program 
said switches based on said authorized address to detect a packet having an 
unauthorized address [col.3, lns.30-43 and col.4, ln.46 - col.5, In. 12]; and a 
management agent that is able to: compare addresses learned by said switches 
against said authorized addresses to determine an unauthorized address [col. 7, 
lns.7-68 and col.3, lns.37-39], in a communication system. 

Thus, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify Vairavan in view of Wang, and further 
in view of Holloway by adding a configuration agent and management agent 
because this feature this feature not only provides for detection of security 
intrusions, but also provides the proactive actions needed to stop the proliferation 
of security intrusions over the domain [Holloway, col. 2, lns.41 -45]. It is for this 
reason that one of ordinary skill in the art at the time of the invention would have 
been motivated in order to send an alert frame to the functional address 
[Holloway, col. 8, lns.18-19]. 
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1 8. With respect to claim 32, Vairavan further teaches said switches are 
further configured to forward said packet if said address is authorized 
[paragraphs 0054-0060]. 

1 9. With respect to claim 33, Vairavan further teaches said switches are 
further configured to drop said packet if said address is not authorized 
[paragraph 0132]. 

20. With respect to claim 34, Vairavan further teaches there is a one-to-one 
mapping between ports of said switches [paragraphs 0047-0049]. 

21 . With respect to claim 35, Vairavan further teaches said addresses are 
medium control access (MAC) addresses [fig.2]. 

22. With respect to claim 36, Vairavan further teaches said network comprises 
a virtually-wired switching fabric [fig.2]. 

23. With respect to claim 37, Vairavan further teaches said management 
agent is further able to determine changes in said physical topology of said 
network and to update said stored physical topology and authorized addresses in 
said database based on said changes [0054-0060]. 
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24. With respect to claim 38, Vairavan further teaches said configuration 
agent is further able to re-program said switches based on said updates to said 
authorized addresses [paragraphs 0054-0060]. 

(10) Response to Argument 

In the remarks, applicant argued in substance that 

I. The cited references do not meet the claim limitation of comparing 
address associated with packets received at a first port in said network 
with expected address for said first port to determine unexpected 
addresses. 

In response to Appellant's argument that the cited references do not meet 
the claim limitation of comparing address associated with packets received at a 
first port in said network with expected address for said first port to determine 
unexpected addresses, the Examiner respectfully disagrees. Vairavan discloses 
comparing addresses associated with packets received at a first port in said 
network with expected addresses for said first port to determine unexpected 
addresses [paragraphs 0059-0060; 0086-0101 and figs.2-3]. Variravan discloses 
the firewall module 310 analyzes [= compares], isolates [= determine unexpected 
addresses], filters and discards packets [paragraph 0086]. For example, when 
the firewall module 310 analyzes the packet, it must be comparing addresses. 
Further, the firewall module 310 isolates and filters packets, it must be 
determining whether the addresses unexpected or not. According to Meriam- 
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Webster online, "unexpected" means not to anticipate or look forward to the 
coming or occurrence of. "Isolate" means to select from among other. 
Analyzing, isolating, filtering, and discarding packets read on determining 
unexpected addresses. Therefore, Vairavan discloses claimed feature as show 
in above. 

II. The cited references do not meet the claim limitation of tracing a 
topology of said network to determine a second port at which a packet 
associated with an unexpected address entered said network. 

In response to Appellant's argument that the cited references do not meet 
the claim limitation of tracing a topology of said network to determine a second 
port at which a packet associated with an unexpected address entered said 
network, the Examiner respectfully disagrees. Wang discloses tracing a topology 
of said network [= tracing of the computer network, col.1, 11.11-32 and col.5, 11.9 - 
col. 6, 11.65] to find a third port where an unexpected address entered said 
network, said third port coupled to a device having a media access control (MAC 
address) [= the determination of which port a particular MAC address is 
reachable]. For example, Wang suggests if ports do not reachable [= 
unreachable] the frame is flooded over all outgoing non-blocked ports [col. 6, 
11.50-65]. According to Meriam-Webster online, "unexpected" means not to 
anticipate or look forward to the coming or occurrence of. "Unreachable" means 
not to stretch out. Therefore, Wang discloses claimed feature as show in above. 
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III. Wang, alone or in combination with Vairavan, does not teach or 
suggest a management agent that is able to ... trace a topology of said 
network to determine a second port at which a packet associated with an 
unexpected address entered said network. 

In response to Appellant's argument that Wang, alone or in combination 
with Vairavan, does not teach or suggest a management agent that is able to ... 
trace a topology of said network to determine a second port at which a packet 
associated with an unexpected address entered said network, the Examiner 
respectfully disagrees. According to dictionary, agent In networking Is the part of 
the system that performs information preparation and exchange on behalf of a 
client or server, in the client-server model. Wang discloses performing a trace of 
a multicast path at layer-2 with a trace request and response packet to a network 
management node [col. 2, 11.46-65]. Performing a trace with exchanging request 
and response to network management node is inherently including a 
management agent. Further, Wang discloses tracing a topology of said network 
[= tracing of the computer network, col.1, 11.11-32 and col. 5, 11.9 - col. 6, 11.65] to 
find a third port where an unexpected address entered said network, said third 
port coupled to a device having a media access control (MAC address) [= the 
determination of which port a particular MAC address is reachable]. For 
example, Wang suggests if ports do not reachable, the frame is flooded over all 
outgoing non-blocked ports, col.6, 11.50-65]. According to Meriam-Webster 
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online, "unexpected" means not to anticipate or look forward to the coming or 
occurrence of. "Unreachable" means not to stretch out. Therefore, Wang 
discloses claimed feature as show in above. 

In response to Appellant's argument that Wang, alone or in combination 
with Vairavan does not teach or suggest, "a management agent that is able to ... 
trace a topology of said network to determine a port where a packet associated 
with said unauthorized address entered said network," the Examiner respectfully 
disagrees. According to dictionary, agent in networking is the part of the system 
that performs information preparation and exchange on behalf of a client or 
server, in the client-server model. Wang discloses performing a trace of a 
multicast path at layer-2 with a trace request and response packet to a network 
management node [col.2, 11.46-65]. Performing a trace with exchanging request 
and response to network management node is inherently including a 
management agent. Further, Wang discloses tracing a topology of said network 
[= tracing of the computer network, col.1, 11.11-32 and col.5, 11.9 - col.6, 11.65] to 
determine a port where a packet associated with said unauthorized address 
entered said network [= the determination of which port a particular MAC address 
is reachable]. For example, Wang suggests if ports do not reachable, the frame 
is flooded over all outgoing non-blocked ports, col.6, 11.50-65]. According to 
Meriam-Webster online, "unexpected" means not to anticipate or look forward to 
the coming or occurrence of. "Unreachable" means not to stretch out. 
Therefore, Wang discloses claimed feature as show in above. 
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IV. Whether the Appellants' arguments are improper for arguing 
individually against a particular element that each prior Art reference has 
the same deficiency with regard to the particular element. 

In response to Appellant's argument that whether the Appellants' 
arguments are improper for arguing individually against a particular element that 
each prior Art reference has the same deficiency with regard to the particular 
element, the Examiner respectfully disagrees. For example, in the remark page 
10 mailed on November 02, 2006, in response to Appellant's argument that the 
combination of Vairavan and Wang fails to teach or suggest the claimed 
embodiments because Wang does not overcome the shortcoming of Vairavan, 
the examiner respectfully disagree. The examiner recognizes that obviousness 
can only be established by combining or modifying the teaching of the prior art to 
produce the claimed invention where there is some teaching, suggestion, or 
motivation to do so found either in the references themselves or in the knowledge 
generally available to one of ordinary skill in the art. See In re Fine, 837 F.2d 
1071, 5 USPQ2d 1596 (Fed. Cir. 1988) and In re Jones, 958 F.2d 347, 21 
USPQ2d 1941 (Fed. Cir. 1992). In this case, it would have been obvious to one 
of ordinary skill in the art at the time of the invention was made to modify 
Vairavan in view of Wang by tracing a topology of said network to find a third port 
where an unexpected address entered said network, said third port coupled to a 
device having a media access control (MAC address) that is said unexpected 
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address because this feature is a consequence of the topologies being aligned 
[Wang, col.6, lns.63-65]. It is for this reason that one of ordinary skill in the art at 
the time of the invention would have been motivated in order to gather specific 
diagnostic information relating to a particular path through the switched network 
[Wang, col.6, Ins. 20-21]. Second, one cannot show nonobviousness by attacking 
references individually where the rejections are based on combinations of 
references. See In re Keller, 642F. 2d 413, 208 USPQ 871 (CCPA 1981); In re 
Merck & Co., 800 F. 2d 1091, 231 USPQ 375 (Fed. Cir. 1986). Appellant 
obviously attacks references individually without taking into consideration based 
on the teaching of combinations of references as show in the above. Therefore, 
Wang does overcome the shortcoming of Vairavan as show in above. 

(11) Evidence Appendix 

None 

(12) Related Proceedings Appendix 

None 
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For the above reasons, it is believed that the rejections should be sustained. 
Respectfully submitted, 

Nghi V. Iran 
/NT./ 

January 14, 2008 
/John Follansbee/ 

Supervisory Patent Examiner, Art Unit 2151 

Conferee: 

/John Follansbee/ 

Supervisory Patent Examiner, Art Unit 2151 
/JEFF PWU/ 

Supervisory Patent Examiner, Art Unit 2146 



